I'm new to the whole ELK stack, progressing slowly but passionately.
I'm having problems producing tile-map results. I've configured Logstash to use geoip:
    geoip {
      source => "client_ip"
    }
I've put the following into the custom template I'm using for my indices.
    "geoip" : {
      "dynamic" : true,
      "properties" : {
        "ip" : {
          "type" : "ip"
        },
        "location" : {
          "type" : "geo_point"
        },
        "latitude" : {
          "type" : "half_float"
        },
        "longitude" : {
          "type" : "half_float"
        }
      }
    }
What I can see is that I do get the data for each Apache event, for example:
geoip.location.lat: 48.1
geoip.location.lon: 20.783
When I try to visualize it, I get no results (using a saved search and proper time frame).
I'm using Aggregation: Geohash and field: location
One more thing I noticed: Logstash created an ES template called "logstash" while in its configuration it's clearly stated it should use a defined index.
    output {
      elasticsearch {
        hosts => [ "localhost:9200" ]
        index => "apache-request-%{+YYYY.MM}"
        document_id => "%{fingerprint}"
        action => "create"
      }
    }
What am I missing?
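
A check for the state described in the post, added here as an example and not code from the original poster: it inspects the `properties` section of an index mapping to see whether `geoip.location` is a `geo_point` or an object with separate `lat`/`lon` sub-fields, and whether a template's wildcard pattern matches the index name. The function names, both sample mappings, the patterns `logstash-*` and `apache-request-*`, and the index name `apache-request-2017.05` are assumptions constructed for illustration.

```python
from fnmatch import fnmatch

def field_type(properties, dotted_path):
    """Return the mapped type of a dotted field, 'object' for a container
    that only has sub-properties, or None if the field is absent."""
    node = {"properties": properties}
    for part in dotted_path.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    return node.get("type", "object" if "properties" in node else None)

def template_applies(index_patterns, index_name):
    """True if any template pattern (shell-style wildcard) matches the index."""
    return any(fnmatch(index_name, p) for p in index_patterns)

def diagnose(properties, index_patterns, index_name, field="geoip.location"):
    """List the reasons a geohash aggregation on `field` would find nothing."""
    findings = []
    if not template_applies(index_patterns, index_name):
        findings.append("template pattern does not match index name")
    ftype = field_type(properties, field)
    if ftype is None:
        findings.append(field + " is not mapped")
    elif ftype != "geo_point":
        findings.append(field + " is mapped as " + ftype + ", not geo_point")
    return findings

# Constructed sample: a mapping where no geo_point template took effect,
# so lat/lon ended up as plain numeric sub-fields of an object.
DYNAMIC_MAPPING = {
    "geoip": {"properties": {
        "ip": {"type": "text"},
        "location": {"properties": {
            "lat": {"type": "float"},
            "lon": {"type": "float"}}}}}
}
# Constructed sample: the mapping the template in the post asks for.
TEMPLATED_MAPPING = {
    "geoip": {"properties": {
        "ip": {"type": "ip"},
        "location": {"type": "geo_point"}}}
}

if __name__ == "__main__":
    for name, mapping in (("dynamic", DYNAMIC_MAPPING), ("templated", TEMPLATED_MAPPING)):
        print(name, diagnose(mapping, ["logstash-*"], "apache-request-2017.05"))
```
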